Sensitive but unclassified

Last updated
A menu for a party, marked FOUO Jmtc-espn-veterans-day-menu.png
A menu for a party, marked FOUO

Sensitive But Unclassified (SBU) is a designation of information in the United States federal government that, though unclassified, often requires strict controls over its distribution. SBU is a broad category of information that includes material covered by such designations as For Official Use Only (FOUO), Law Enforcement Sensitive (LES), Sensitive Homeland Security Information, Sensitive Security Information (SSI), Critical Infrastructure Information (CII), etc. It also includes Internal Revenue Service materials like individual tax records, systems information, and enforcement procedures. Some categories of SBU information have authority in statute or regulation (e.g. SSI, CII) while others, including FOUO, do not.

Contents

An example of FOUO being mixed in with Top Secret info in the same document. (From the CIA Inspector General report about Torture in the War on Terror) Tmemo fouo.png
An example of FOUO being mixed in with Top Secret info in the same document. (From the CIA Inspector General report about Torture in the War on Terror)
The unclassified "Military Working Dogs" web document, marked Distribution Restricted circa 2011 Distribution restricted1.png
The unclassified "Military Working Dogs" web document, marked Distribution Restricted circa 2011

Sensitive Security Information (SSI) is a category of sensitive but unclassified information under the United States government's information sharing and control rules, often used by TSA and CBP. SSI is information obtained in the conduct of security activities whose public disclosure would, in the judgment of specified government agencies, harm transportation security, be an unwarranted invasion of privacy, or reveal trade secrets or privileged or confidential information.

UNCLASSIFIED//FOUO is primarily a Department of Defense phrase/acronym, used for documents or products which contain material which may be exempt from release under the Freedom of Information Act. It is treated as confidential, which means it cannot be discarded in the open trash, made available to the general public, or posted on an uncontrolled website. It can, however, be shared with individuals with a need to know the content, while still under the control of the individual possessing the document or product. [1]

Information that may be protected with these labels range from personally identifying information such as passport and Social Security numbers to documents protected by the attorney–client privilege. [2] [3] Though SBU information may be exempt from complete disclosure under the Freedom of Information Act, it should not be universally withheld. [4] [5]

PARD (Protect as restricted data) is an unclassified but sensitive marking used in the Department of Energy. It is the marking that was on Dr. Wen Ho Lee's program codes at Los Alamos National Laboratory. He (and many other scientists) backed up such data to tape. The government would later claim this was "espionage" and charge him under 18 U.S.C.   § 793 , (the Espionage Act) which makes it a felony to "withhold" information related to the "national defense". He eventually pleaded guilty to one of the 54 counts against him. [6] [7] He later won a lawsuit against the government and several newspapers over his treatment.

Limited Distribution, Proprietary, Originator Controlled , Law Enforcement Sensitive were designations the Pentagon attempted in 2011 to exempt from President Obama's Executive Order 13556. [8]

The number of designations in use by various branches of the U.S. government for unclassified information eventually numbered more than 100. On May 9, 2008, President George W. Bush directed their consolidation into a new category: Controlled Unclassified Information (CUI). [9] [10]

See also

Related Research Articles

Consumer privacy is information privacy as it relates to the consumers of products and services.

<span class="mw-page-title-main">Classified information</span> Material that government claims requires confidentiality

Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know. Mishandling of the material can incur criminal penalties.

A security clearance is a status granted to individuals allowing them access to classified information or to restricted areas, after completion of a thorough background check. The term "security clearance" is also sometimes used in private organizations that have a formal process to vet employees for access to sensitive information. A clearance by itself is normally not sufficient to gain access; the organization must also determine that the cleared individual needs to know specific information. No individual is supposed to be granted automatic access to classified information solely because of rank, position, or a security clearance.

<span class="mw-page-title-main">Freedom of Information Act (United States)</span> 1967 US statute regarding access to information held by the US government

The Freedom of Information Act, 5 U.S.C. § 552, is the United States federal freedom of information law that requires the full or partial disclosure of previously unreleased or uncirculated information and documents controlled by the U.S. government upon request. The act defines agency records subject to disclosure, outlines mandatory disclosure procedures, and includes nine exemptions that define categories of information not subject to disclosure. The act was intended to make U.S. government agencies' functions more transparent so that the American public could more easily identify problems in government functioning and put pressure on Congress, agency officials, and the president to address them. The FOIA has been changed repeatedly by both the legislative and executive branches.

<span class="mw-page-title-main">Information Security Oversight Office</span> Office of the National Archives of the United States

The Information Security Oversight Office (ISOO) is responsible to the President for policy and oversight of the government-wide security classification system and the National Industrial Security Program in the United States. The ISOO is a component of the National Archives and Records Administration (NARA) and receives policy and program guidance from the National Security Council (NSC).

<span class="mw-page-title-main">Operations security</span> Counterespionage safety procedures and practices

Operations security (OPSEC) is a process that identifies critical information to determine whether friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.

The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic of classified information beginning in 1951. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the regulations codified to 32 C.F.R. 2001. It lays out the system of classification, declassification, and handling of national security information generated by the U.S. government and its employees and contractors, as well as information received from other governments.

Special access programs (SAPs) in the U.S. Federal Government are security protocols that provide highly classified information with safeguards and access restrictions that exceed those for regular (collateral) classified information. SAPs can range from black projects to routine but especially-sensitive operations, such as COMSEC maintenance or presidential transportation support. In addition to collateral controls, a SAP may impose more stringent investigative or adjudicative requirements, specialized nondisclosure agreements, special terminology or markings, exclusion from standard contract investigations (carve-outs), and centralized billet systems. Within the Department of Defense, SAP is better known as "SAR" by the mandatory Special Access Required (SAR) markings.

Privacy law is a set of regulations that govern the collection, storage, and utilization of personal information from healthcare, governments, companies, public or private entities, or individuals.

Classified information in the United Kingdom is a system used to protect information from intentional or inadvertent release to unauthorised readers. The system is organised by the Cabinet Office and is implemented throughout central and local government and critical national infrastructure. The system is also used by private sector bodies that provide services to the public sector.

Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others.

The anti-gag statute is a little-known legal boundary in the long struggle in the United States between Executive Branch secrecy and the United States Congress and the public's right to know. Since 1988, the statute has been an annual appropriations restriction drawing the line on Executive branch efforts to limit whistleblowing disclosures to information that is specifically identified in advance as classified. The anti-gag statute requires a mandatory, specifically worded addendum on any nondisclosure policy, form or agreement to legally spend money to implement or enforce the gag order.

<span class="mw-page-title-main">Sensitive security information</span>

Sensitive security information (SSI) is a category of United States sensitive but unclassified information obtained or developed in the conduct of security activities, the public disclosure of which would constitute an unwarranted invasion of privacy, reveal trade secrets or privileged or confidential information, or be detrimental to the security of transportation. It is not a form of classification under Executive Order 12958 as amended. SSI is not a security classification for national security information. The safeguarding and sharing of SSI is governed by Title 49 Code of Federal Regulations (CFR) parts 15 and 1520. This designation is assigned to information to limit the exposure of the information to only those individuals that "need to know" in order to participate in or oversee the protection of the nation's transportation system. Those with a need to know can include persons outside of TSA, such as airport operators, aircraft operators, railroad carriers, rail hazardous materials shippers and receivers, vessel and maritime port owners and operators, foreign vessel owners, and other persons.

For Official Use Only (FOUO) is an information security designation used by some governments.

<span class="mw-page-title-main">Controlled Unclassified Information</span> US government information category

Controlled Unclassified Information (CUI) is a category of unclassified information within the U.S. Federal government. The CUI program was created by President Obama’s Executive Order 13556 to create a streamlined method for information sharing and safeguarding. The Information Security Oversight Office (ISOO) acts as the Executive Agent (EA) of the National Archives and Records Administration (NARA), and is responsible for oversight of the CUI program. The ISOO monitors the implementation of the CUI program by executive branch agencies. CUI will replace agency specific labels such as For Official Use Only (FOUO), Sensitive But Unclassified (SBU), and Law Enforcement Sensitive (LES) on new data and some data with legacy labels will also qualify as Controlled Unclassified Information. Federal contractors who handle CUI will be required to self-assess with the Cybersecurity Maturity Model Certification (CMMC) under the Cyber AB.

Managed Trusted Internet Protocol Service (MTIPS) was developed by the US General Services Administration (GSA) to allow US Federal agencies to physically and logically connect to the public Internet and other external connections in compliance with the Office of Management and Budget's (OMB) Trusted Internet Connection (TIC) Initiative.

The Government Security Classifications Policy (GSCP) is a system for classifying sensitive government data in the United Kingdom.

The Cybersecurity Maturity Model Certification (CMMC) is an assessment framework and assessor certification program designed to increase the trust in measures of compliance to a variety of standards published by the National Institute of Standards and Technology.

<span class="mw-page-title-main">Official Secrets Act (Pakistan)</span> Law in Pakistan

The Official Secrets Act, of 1923 is a law in Pakistan that traces its origins back to the British colonial era in India. Enacted during that time to protect state secrets and maintain the security of the British Empire, the Act continues to be in force in present-day Pakistan.

References

  1. "So what exactly does "For Official Use Only" mean?". ioss.gov. Archived from the original on 2007-10-10. Retrieved 2008-09-17.
  2. State Department policies
  3. NASA SBU parent page Archived March 27, 2009, at the Wayback Machine
  4. NASA on FOIA exemptions and SBU material Archived March 27, 2009, at the Wayback Machine
  5. "Sensitive But Unclassified" Information and Other Controls: Policy and Options for Scientific and Technical Information Archived January 12, 2016, at the Wayback Machine from the Congressional Research Service
  6. My Country Against Me, Dr. Wen Ho Lee & Helen Zia. See his article for more information.
  7. PROTECTION REQUIREMENTS FOR INFORMATION MARKED "PROTECT AS RESTRICTED DATA", Federation of American Scientists
  8. Pentagon Tightens Grip on Unclassified Information, FAS.org, July 11th, 2011 by Steven Aftergood
  9. Castelli, Elise (January 22, 2008). "New policy expected soon for sensitive information". Federal Times. Archived from the original on January 2, 2013.{{cite news}}: CS1 maint: postscript (link)
  10. "Memorandum For The Heads Of Executive Departments And Agencies - Designation and Sharing of Controlled Unclassified Information (CUI)" (Press release). The Office of the White House. May 9, 2008. Retrieved October 21, 2008.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.